I’m trying to configure my application so that the user only gets an MFA_CHALLENGE after they enroll for the first time or if their device changes. I’ve been through the sign-on rules and tried setting this up but haven’t had any luck getting the app to behave this way. Currently it will prompt with every login attempt.
So far I’ve tried adding a new rule to the Sign On Policy at the application level and in the Authentication section. Here’s my configuration:
Any help would be greatly appreciated!